from Dan:

This is a new policy for the User Switching capability coming in gnome.

consolekit is a daemon that communicates with xdm_t and hal through dbus to change the
ownership/access on certain devices when the login session changes from one user to another.
Chris PeBenito 2007-03-19 18:01:15 +00:00
parent 6c20f77e80
commit c224d91c7b
5 changed files with 97 additions and 1 deletions


@ -32,6 +32,8 @@
- Clean up file context regexes in apache and java, from Eamon Walsh. - Clean up file context regexes in apache and java, from Eamon Walsh.
- Patches from Dan Walsh: - Patches from Dan Walsh:
Thu, 25 Jan 2007 Thu, 25 Jan 2007
- Added modules:
consolekit (Dan Walsh)
* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212 * Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
- Add policy patterns support macros. This changes the behavior of - Add policy patterns support macros. This changes the behavior of


@ -0,0 +1 @@
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)


@ -0,0 +1,40 @@
## <summary>Framework for facilitating multiple user sessions on desktops.</summary>
########################################
## <summary>
## Execute a domain transition to run consolekit.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`consolekit_domtrans',`
gen_require(`
type consolekit_t, consolekit_exec_t;
')
domtrans_pattern($1,consolekit_exec_t,consolekit_t)
')
########################################
## <summary>
## Send and receive messages from
## consolekit over dbus.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`consolekit_dbus_chat',`
gen_require(`
type consolekit_t;
class dbus send_msg;
')
allow $1 consolekit_t:dbus send_msg;
allow consolekit_t $1:dbus send_msg;
')


@ -0,0 +1,49 @@
policy_module(consolekit,1.0.0)
########################################
#
# Declarations
#
type consolekit_t;
type consolekit_exec_t;
init_daemon_domain(consolekit_t, consolekit_exec_t)
########################################
#
# consolekit local policy
#
allow consolekit_t self:capability { sys_tty_config dac_override sys_nice sys_ptrace };
allow consolekit_t self:process getsched;
allow consolekit_t self:fifo_file rw_fifo_file_perms;
allow consolekit_t self:unix_stream_socket create_stream_socket_perms;
dev_read_urand(consolekit_t)
dev_read_sysfs(consolekit_t)
domain_read_all_domains_state(consolekit_t)
domain_use_interactive_fds(consolekit_t)
files_read_etc_files(consolekit_t)
init_use_script_ptys(consolekit_t)
libs_use_ld_so(consolekit_t)
libs_use_shared_libs(consolekit_t)
miscfiles_read_localization(consolekit_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(consolekit_t)
term_dontaudit_use_generic_ptys(consolekit_t)
')
optional_policy(`
dbus_system_bus_client_template(consolekit, consolekit_t)
dbus_send_system_bus(consolekit_t)
dbus_connect_system_bus(consolekit_t)
hal_dbus_chat(consolekit_t)
')
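Review bot: The `allow consolekit_t self:capability { sys_tty_config dac_override sys_nice sys_ptrace };` line grants `dac_override` and `sys_ptrace` with no comment saying which operation needs them, and together with `domain_read_all_domains_state(consolekit_t)` that gives an init-started daemon that talks on the system bus the ability to bypass file DAC checks and read every domain's /proc state. I would add a why-comment above that line, for example `# sys_ptrace, dac_override: reading /proc/<pid> of session processes owned by other users (confirm against AVC denials)`, and drop whichever capability no denial justifies. `sys_nice` also looks unused as written, since the process rule on the following line allows only `getsched` and not `setsched`. The commit message says the daemon changes ownership/access on devices, but no rule in this file grants setattr on device nodes, so presumably hal performs that step; a one-line comment in the local policy section saying so would help the next reader.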


@ -1,5 +1,5 @@
policy_module(unconfined,1.5.1) policy_module(unconfined,1.5.2)
######################################## ########################################
# #
@ -79,6 +79,10 @@ ifdef(`targeted_policy',`
bluetooth_dbus_chat(unconfined_t) bluetooth_dbus_chat(unconfined_t)
') ')
optional_policy(`
consolekit_dbus_chat(unconfined_t)
')
optional_policy(` optional_policy(`
cups_dbus_chat_config(unconfined_t) cups_dbus_chat_config(unconfined_t)
') ')